Certain invalid salt arguments crashed the server or
disclosed a few bytes of server memory. We have not ruled
out the viability of attacks that arrange for presence of
confidential information in the disclosed bytes, but they
seem unlikely. (CVE-2015-5288)

An oversight in a patch in the most recent minor
releases caused pg_trigger_tgrelid_tgname_index to be
omitted from the init file. Subsequent sessions detected
this, then deemed the init file to be broken and silently
ignored it, resulting in a significant degradation in
session startup time. In addition to fixing the bug,
install some guards so that any similar future mistake will
be more obvious.

Avoid O(N^2) behavior when inserting many tuples into a
SPI query result (Neil Conway)

Improve LISTEN startup time
when there are many unread notifications (Matt Newell)

This was seen primarily when restoring pg_dump output for databases with many
thousands of tables.

Disable SSL renegotiation by default (Michael Paquier,
Andres Freund)

While use of SSL renegotiation is a good idea in theory,
we have seen too many bugs in practice, both in the
underlying OpenSSL library and in our usage of it.
Renegotiation will be removed entirely in 9.5 and later. In
the older branches, just change the default value of
ssl_renegotiation_limit to zero
(disabled).
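
An explicit ssl_renegotiation_limit entry in postgresql.conf overrides the new default, so the setting is worth checking after the update. The following is an added example, not part of the release notes or of PostgreSQL: the function names and the sample file are constructed, and it assumes a single postgresql.conf with no include directives or ALTER SYSTEM overrides.

```python
import re

# Multipliers to kB; a bare number for this parameter is read as kilobytes.
_UNITS_KB = {"": 1, "kb": 1, "mb": 1024, "gb": 1024 * 1024}
_SETTING = re.compile(
    r"^\s*ssl_renegotiation_limit\s*(?:=|\s)\s*'?(\d+)\s*([A-Za-z]*)'?\s*(?:#.*)?$",
    re.IGNORECASE)

# Constructed sample, not taken from a real server.
SAMPLE_CONF = """\
# constructed sample configuration
ssl = on
#ssl_renegotiation_limit = 0        # commented out, so ignored
ssl_renegotiation_limit = 512MB     # left over from an older template
"""

def effective_renegotiation_limit_kb(conf_text):
    """Return (value_kb, line_no) of the last active setting, or (None, None)
    when the file leaves the parameter at the server's built-in default."""
    found = (None, None)
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = _SETTING.match(line)  # lines starting with '#' never match
        if not m:
            continue
        unit = m.group(2).lower()
        if unit not in _UNITS_KB:
            raise ValueError("line %d: unknown unit %r" % (line_no, m.group(2)))
        # A later entry in the file overrides an earlier one.
        found = (int(m.group(1)) * _UNITS_KB[unit], line_no)
    return found

def audit(conf_text):
    """Summarise whether renegotiation stays enabled after the default change."""
    value_kb, line_no = effective_renegotiation_limit_kb(conf_text)
    if value_kb is None:
        return "not set: the built-in default applies"
    if value_kb == 0:
        return "line %d: renegotiation explicitly disabled" % line_no
    return "line %d: renegotiation still enabled every %d kB" % (line_no, value_kb)

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```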

Lower the minimum values of the *_freeze_max_age parameters (Andres
Freund)

This is mainly to make tests of related behavior less
time-consuming, but it may also be of value for
installations with limited disk space.

These mistakes could lead to incorrect query plans that
would give wrong answers, or to assertion failures in
assert-enabled builds, or to odd planner errors such as
"could not devise a query plan for the given query",
"could not find pathkey item to sort",
"plan should not reference subplan's variable", or
"failed to assign all NestLoopParams to plan nodes".
Thanks are due to Andreas Seltenreich and Piotr Stefaniak
for fuzz testing that exposed these problems.

If, during a crash recovery cycle, the startup process
crashes without having restored database consistency, we'd
try to launch a new startup process, which typically would
just crash again, leading to an infinite loop.

Make emergency autovacuuming for multixact wraparound
more robust (Andres Freund)

Do not print a WARNING when an
autovacuum worker is already gone when we attempt to signal
it, and reduce log verbosity for such signals (Tom
Lane)

Prevent autovacuum launcher from sleeping unduly long if
the server clock is moved backwards a large amount (Álvaro
Herrera)

Ensure that cleanup of a GIN index's pending-insertions
list is interruptable by cancel requests (Jeff Janes)

The formatting code invoked by \pset
numericlocale on did the wrong thing for some uncommon
cases such as numbers with an exponent but no decimal
point. It could also mangle already-localized output from
the money data type.

Prevent crash in psql's
\c command when there is no
current connection (Noah Misch)

Ensure that temporary files created during a pg_dump run
with tar-format output are not world-readable (Michael
Paquier)

Fix pg_dump and pg_upgrade to support cases where the
postgres or template1 database is in a non-default
tablespace (Marti Raudsepp, Bruce Momjian)

Fix pg_dump to handle
object privileges sanely when dumping from a server too old
to have a particular privilege type (Tom Lane)

When dumping data types from pre-9.2 servers, and when
dumping functions or procedural languages from pre-7.3
servers, pg_dump would
produce GRANT/REVOKE commands that revoked the owner's
grantable privileges and instead granted all privileges to
PUBLIC. Since the privileges
involved are just USAGE and
EXECUTE, this isn't a security
problem, but it's certainly a surprising representation of
the older systems' behavior. Fix it to leave the default
privilege state alone in these cases.

Make the numeric form of the PostgreSQL version number (e.g.,
90405) readily available to
extension Makefiles, as a variable named VERSION_NUM (Michael Paquier)

Update time zone data files to tzdata release 2015g for DST law
changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new
zone name America/Fort_Nelson for
the Canadian Northern Rockies.
